CN104933811B - Control method and device for ATM note output equipment
- Publication number
- CN104933811B, CN201510242656.9A
- Authority
- CN
- China
- Prior art keywords
- signature operation
- sender
- module
- instruction
- identity
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a control method and device for ATM note output equipment. The method includes: a legitimacy verification module receives a signature operation instruction initiated by upper-layer service software, where the signature operation instruction includes a note output instruction, a synchronisation key instruction, a certificate operation instruction or a movement test instruction; the legitimacy verification module verifies the identity information of the sender of the signature operation instruction; when the identity of the sender of the signature operation instruction is illegitimate, the legitimacy verification module forbids sending the signature operation instruction to the movement medium module; when the identity of the sender of the signature operation instruction is legitimate, the legitimacy verification module sends the signature operation instruction to the movement medium module. The invention implements legitimacy verification of ATM note output and ensures the legitimacy of the note output behaviour of the movement.
Description
Technical field
The embodiments of the present invention relate to ATM note output control technology, and in particular to a control method and device for ATM note output equipment.
Background art
With the continuous development of information technology, bank automatic teller machines (Automatic Teller Machine, ATM), which are based on electronic technology, computer technology and other technologies, have developed rapidly. Bank ATMs are now in use in every city, providing customers with functions such as self-service deposit and withdrawal and reducing the workload of bank clerks.
As ATMs have become widespread, their security faces growing challenges. A particularly acute example is the security incidents caused by illegal control of the note output equipment. Sophisticated offenders have abandoned traditional violent methods against the movement equipment; instead, they use related software to control the device and perform illegal operations on the movement, making it execute illegal note output operations so as to obtain cash illegally. This kind of crime leaves no obvious hardware traces on the equipment, and it performs legitimate operations by illegitimate means, so the behaviour is more covert and more harmful. According to current statistics, this kind of crime accounts for the highest proportion of crimes involving cash equipment.
Fig. 1 is a flow chart of ATM note output in the prior art. As shown in Fig. 1, in the prior art an ATM performs note output mainly by having the upper layer of the ATMC (ATM Control, the ATM control software) control the movement medium program to output notes. The note output behaviour is not checked for legitimacy, which leads to abnormal note output by the ATM and to the crimes described above.
Summary of the invention
In view of this, the embodiments of the present invention provide a control method and device for ATM note output equipment, to ensure the legitimacy of the note output behaviour of the movement.
In a first aspect, the embodiments of the present invention provide a control method for ATM note output equipment, the method including:
A legitimacy verification module receives a signature operation instruction initiated by upper-layer service software, where the signature operation instruction includes a note output instruction, a synchronisation key instruction, a certificate operation instruction or a movement test instruction;
The legitimacy verification module verifies the identity information of the sender of the signature operation instruction;
When the identity of the sender of the signature operation instruction is illegitimate, the legitimacy verification module forbids sending the signature operation instruction to the movement medium module;
When the identity of the sender of the signature operation instruction is legitimate, the legitimacy verification module sends the signature operation instruction to the movement medium module.
In a second aspect, the embodiments of the present invention further provide a control device for ATM note output equipment, the device including:
A legitimacy verification module, configured to receive a signature operation instruction initiated by upper-layer service software, where the signature operation instruction includes a note output instruction, a synchronisation key instruction, a certificate operation instruction or a movement test instruction; to verify the identity information of the sender of the signature operation instruction; when the identity of the sender of the signature operation instruction is illegitimate, to forbid sending the signature operation instruction to the movement medium module; and when the identity of the sender of the signature operation instruction is legitimate, to send the signature operation instruction to the movement medium module;
A movement medium module, configured to perform the operation corresponding to the signature operation instruction.
In the ATM control method and device provided by the embodiments of the present invention, the legitimacy verification module receives the signature operation instruction initiated by upper-layer service software and verifies the identity information of the sender of the signature operation instruction. Only when the identity of the sender is legitimate is the signature operation instruction sent to the movement medium module; when the identity of the sender is illegitimate, sending the signature operation instruction to the movement medium module is forbidden. This implements legitimacy verification of ATM note output and ensures the legitimacy of the note output behaviour of the movement.
Brief description of the drawings
Fig. 1 is a flow chart of ATM note output in the prior art;
Fig. 2 is a flow chart of a control method for ATM note output equipment provided by Embodiment one of the present invention;
Fig. 3 is a flow chart of a control method for ATM note output equipment provided by Embodiment two of the present invention;
Fig. 4 is a flow chart of a control method for ATM note output equipment provided by Embodiment three of the present invention;
Fig. 5 is a structure diagram of the authorization USB flash disk or encryption keyboard in the control method for ATM note output equipment provided by the embodiments of the present invention;
Fig. 6 is a schematic diagram of a control method for ATM note output equipment provided by Embodiment four of the present invention;
Fig. 7 is a schematic diagram of a control device for ATM note output equipment provided by Embodiment five of the present invention;
Fig. 8 is a structure diagram of the legitimacy verification module in the control device for ATM note output equipment provided by the embodiments of the present invention;
Fig. 9 is a structure diagram of the movement security service module in the control device for ATM note output equipment provided by the embodiments of the present invention.
Detailed description
The present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts related to the present invention rather than the full content.
Embodiment one
Fig. 2 is a flow chart of a control method for ATM note output equipment provided by Embodiment one of the present invention. This embodiment is applicable to controlling ATM note output equipment, and the method can be performed by an ATM. It specifically includes the following steps:
Step 210: the legitimacy verification module receives a signature operation instruction initiated by upper-layer service software.
The signature operation instruction includes a note output instruction, a synchronisation key instruction, a certificate operation instruction or a movement test instruction.
When upper-layer service software initiates an operation instruction, it must sign the instruction, that is, send a signature operation instruction, so that authentication can be carried out. Before a signature operation instruction initiated by upper-layer service software is sent to the movement medium module, the legitimacy verification module must first verify the identity information of the instruction; the legitimacy verification module therefore first receives the signature operation instruction initiated by the upper-layer service software.
The upper-layer service software includes the ATMC upper layer, the movement security service module, or the authorization module in the authorization USB flash disk or encryption keyboard. The note output instruction is initiated by the ATMC upper layer. The movement security service module receives a synchronisation key instruction or certificate operation instruction sent from the authorization USB flash disk or encryption keyboard and sends it to the legitimacy verification module. The movement test instruction is initiated by the authorization USB flash disk or encryption keyboard.
Step 220: the legitimacy verification module verifies the identity information of the sender of the signature operation instruction.
The legitimacy verification module uses the signing information of the signature operation instruction to verify whether the identity information of the sender of the signature operation instruction is legitimate.
Step 230: when the identity of the sender of the signature operation instruction is illegitimate, the legitimacy verification module forbids sending the signature operation instruction to the movement medium module.
The legitimacy verification module verifies the identity information of the sender of the signature operation instruction. When it judges that the identity information of the sender is illegitimate, it forbids sending the signature operation instruction to the movement medium module, to avoid abnormal note output by the movement medium module.
Step 240: when the identity of the sender of the signature operation instruction is legitimate, the legitimacy verification module sends the signature operation instruction to the movement medium module.
The legitimacy verification module verifies the identity information of the sender of the signature operation instruction. When it judges that the identity information of the sender is legitimate, it sends the signature operation instruction to the movement medium module, so that the movement medium module performs the operation requested by the signature operation instruction, such as note output.
In this embodiment, the legitimacy verification module receives the signature operation instruction initiated by upper-layer service software and verifies the identity information of the sender of the signature operation instruction. When the identity of the sender is illegitimate, sending the signature operation instruction to the movement medium module is forbidden; when the identity of the sender is legitimate, the signature operation instruction is sent to the movement medium module. This ensures the legitimacy of the note output behaviour of the movement.
On the basis of the above technical solution, the method preferably further includes:
When the identity of the sender of the signature operation instruction is anonymous, the legitimacy verification module refuses to send the signature operation instruction to the movement medium module.
To ensure that the identity of the sender of the signature operation instruction is legitimate, the legitimacy verification module does not allow upper-layer service software to send operation instructions anonymously. If it finds that the identity of the sender of the signature operation instruction is anonymous, it refuses to send the signature operation instruction to the movement medium module.
On the basis of the above technical solution, the method preferably further includes:
The movement medium module feeds back the execution result of the signature operation instruction to the legitimacy verification module;
The legitimacy verification module feeds back the execution result of the signature operation instruction, or the identity information verification result, to the upper-layer service software.
Through this feedback, the upper-layer service software that initiated the signature operation instruction learns the execution result of the signature operation instruction or the identity information verification result.
Embodiment two
Fig. 3 is a flow chart of a control method for ATM note output equipment provided by Embodiment two of the present invention. In this embodiment, the signature operation instruction is a note output instruction, and the method specifically includes the following steps:
Step 310: the legitimacy verification module receives a signature operation instruction initiated by upper-layer service software.
Here the signature operation instruction is a note output instruction.
When the signature operation instruction is a note output instruction, the upper-layer service software is the ATMC upper layer.
Step 320: the legitimacy verification module obtains the identity information of the sender of the signature operation instruction from the movement security service module.
The movement security service module is a movement-security-related service registered in the operating system to ensure the normal operation of the legitimacy verification module.
The movement security service module obtains the identity information of the sender of the signature operation instruction, that is, the identity information of the upper-layer service software that sent the signature operation instruction, and reports the identity information it obtained to the legitimacy verification module.
Step 330: the legitimacy verification module compares the identity information of the sender of the signature operation instruction with the signing information sent by the sender.
By comparing the identity information of the sender of the signature operation instruction with the signing information sent by the sender, the legitimacy verification module determines whether the sender's signing information has been forged.
Step 340: when the identity information of the sender of the signature operation instruction is consistent with the signing information sent by the sender, the legitimacy verification module determines that the identity of the sender of the signature operation instruction is legitimate.
When the two are consistent, the identity of the sender of the signature operation instruction is determined to be legitimate, that is, the sender's signing information has not been forged.
Step 350: when the identity information of the sender of the signature operation instruction is inconsistent with the signing information sent by the sender, the legitimacy verification module determines that the identity of the sender of the signature operation instruction is illegitimate.
When the two are inconsistent, the identity of the sender of the signature operation instruction is determined to be illegitimate, that is, the sender's signing information has been forged.
Step 360: when the identity of the sender of the signature operation instruction is illegitimate, the legitimacy verification module forbids sending the signature operation instruction to the movement medium module.
When the identity of the sender of the signature operation instruction is determined to be legitimate, the following steps are performed:
Step 370: the legitimacy verification module obtains the certificate information contained in the signature operation instruction.
Step 380: the legitimacy verification module verifies, against the certificate information it has stored, whether the certificate information contained in the signature operation instruction is legitimate.
Step 390: when the certificate information contained in the signature operation instruction is legitimate, the signature operation instruction is sent to the movement medium module.
When the certificate information contained in the signature operation instruction is legitimate, the signature operation instruction is sent to the movement medium module so that the movement medium module performs note output. When the certificate information contained in the signature operation instruction is illegitimate, the legitimacy verification module notifies the upper-layer service software to update its certificate.
In this embodiment, the movement security service module obtains the identity information of the upper-layer service software that initiated the signature operation instruction and reports it to the legitimacy verification module. The legitimacy verification module compares the identity information of the sender of the signature operation instruction with the signing information sent by the sender. If they are consistent, the identity of the sender is determined to be legitimate; if they are inconsistent, the identity of the sender is determined to be illegitimate. When the identity of the sender of the signature operation instruction is illegitimate, sending the signature operation instruction to the movement medium module is forbidden. This ensures both the legitimacy of the note output behaviour of the movement and the legitimacy of the source program that requests note output from the movement, and implements legitimacy verification of ATM note output, so that every note output of the ATM is under security control, which improves the security of the ATM.
On the basis of the above technical solution, the method preferably further includes:
When the identity of the sender of the signature operation instruction is illegitimate, the legitimacy verification module sends the movement security service module a message stating that the identity information of the sender of the signature operation instruction is inconsistent with the signing information sent by the sender;
The movement security service module obtains the process name of the process created by the sender of the signature operation instruction;
The movement security service module forcibly terminates the process indicated by the process name, and forcibly deletes the process indicated by the process name.
If the identity information of the sender of the signature operation instruction is inconsistent with the signing information sent by the sender, the sender's signing information is forged. The movement security service module obtains the address information of the forger, obtains the process name of the process created by the forger, forcibly terminates that process and forcibly deletes it. This ensures the legitimacy of the source program that initiates the note output instruction: when the source program is found to be illegitimate, it is forcibly deleted.
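The gate described in Embodiments one and two, sketched as an added Python example (not code from the patent). It assumes the sender identity is a string such as an executable hash, that the security service resolves a hypothetical `sender_pid` to the identity it observes, and that certificate information is matched against a stored set; the patent does not specify these formats.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Verdict(Enum):
    FORWARDED = "sent to movement medium module"
    REJECTED_ANONYMOUS = "sender is anonymous"
    REJECTED_IDENTITY = "observed identity and signing information differ"
    REJECTED_CERTIFICATE = "certificate information not recognised; update certificate"


@dataclass(frozen=True)
class SignedInstruction:
    operation: str                   # e.g. "NOTE_OUTPUT"
    amount: int
    signing_identity: Optional[str]  # identity claimed in the sender's signing information
    certificate_info: str
    sender_pid: int                  # hypothetical handle the security service resolves


class LegitimacyVerifier:
    """Sits between upper-layer software and the movement medium module."""

    def __init__(self, observe_identity, stored_certificates, medium_module, report_mismatch):
        self._observe = observe_identity      # movement security service lookup
        self._certs = set(stored_certificates)
        self._medium = medium_module          # only reached after every check passes
        self._report = report_mismatch        # mismatch message to the security service

    def handle(self, instr: SignedInstruction) -> Verdict:
        # Embodiment one: anonymous senders are refused outright.
        if not instr.signing_identity:
            return Verdict.REJECTED_ANONYMOUS
        # Steps 320-350: compare the identity the security service observed
        # with the identity claimed in the signing information.
        observed = self._observe(instr.sender_pid)
        if observed is None or not hmac.compare_digest(
                observed.encode(), instr.signing_identity.encode()):
            # Report the mismatch so the security service can act on the sender's process.
            self._report(instr.sender_pid, observed)
            return Verdict.REJECTED_IDENTITY
        # Steps 370-390: check the certificate information against the stored copy.
        if instr.certificate_info not in self._certs:
            return Verdict.REJECTED_CERTIFICATE
        self._medium(instr)
        return Verdict.FORWARDED


def run_demo():
    """Runs four constructed instructions through the gate."""
    # Constructed sample identities and certificate names, not real values.
    atmc_id = "sha256:" + "a1" * 32
    rogue_id = "sha256:" + "ff" * 32
    process_table = {100: atmc_id, 666: rogue_id}  # what the security service observes
    dispensed, mismatches = [], []
    verifier = LegitimacyVerifier(
        observe_identity=process_table.get,
        stored_certificates={"cert-2015-A"},
        medium_module=dispensed.append,
        report_mismatch=lambda pid, seen: mismatches.append(pid),
    )
    instructions = [
        SignedInstruction("NOTE_OUTPUT", 500, atmc_id, "cert-2015-A", 100),   # genuine ATMC
        SignedInstruction("NOTE_OUTPUT", 9000, atmc_id, "cert-2015-A", 666),  # forged signing info
        SignedInstruction("NOTE_OUTPUT", 9000, None, "cert-2015-A", 666),     # anonymous sender
        SignedInstruction("NOTE_OUTPUT", 500, atmc_id, "cert-2009-X", 100),   # unknown certificate
    ]
    verdicts = [verifier.handle(i) for i in instructions]
    return verdicts, dispensed, mismatches


if __name__ == "__main__":
    verdicts, dispensed, mismatches = run_demo()
    for v in verdicts:
        print(v.name, "-", v.value)
    print("amounts dispensed:", [i.amount for i in dispensed])
    print("senders reported to security service:", mismatches)
```

The forged request copies the genuine signing identity, but it is rejected because the identity comes from an independent observation by the security service rather than from the request itself.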
Embodiment three
Fig. 4 is a flow chart of a control method for ATM note output equipment provided by Embodiment three of the present invention. In this embodiment, the signature operation instruction is a synchronisation key instruction, a certificate operation instruction or a movement test instruction, and the method specifically includes the following steps:
Step 410: the legitimacy verification module receives a signature operation instruction initiated by upper-layer service software.
Here the signature operation instruction is a synchronisation key instruction, a certificate operation instruction or a movement test instruction.
When the signature operation instruction is a synchronisation key instruction, a certificate operation instruction or a movement test instruction, these behaviours mostly carry greater risk, so the programs that initiate them are all placed on the authorization USB flash disk or encryption keyboard, and the upper-layer service software that initiates the signature operation instruction is the authorization USB flash disk or encryption keyboard. Some users, out of habit, may copy the programs on the authorization USB flash disk or encryption keyboard into the system to run them, and some users may even copy the risky programs maliciously. To address this, the present embodiment does not allow these risky programs to leave the authorization USB flash disk or encryption keyboard, and uses steps 420 and 430 below to authenticate the initiator of these programs.
Step 420: the authorization module checks whether the authorization USB flash disk or encryption keyboard is inserted into the external interface.
The authorization module is configured in the authorization USB flash disk or encryption keyboard and is the initiator of the signature operation instruction. The authorization module checks whether the authorization USB flash disk or encryption keyboard is inserted into the external interface, to ensure that the authorization module, that is, the program that initiates the signature operation instruction, has not left the authorization USB flash disk or encryption keyboard.
Step 430: when the authorization USB flash disk or encryption keyboard is inserted, the legitimacy verification module verifies whether the authorization information on the authorization USB flash disk or encryption keyboard is correct, and determines from the verification result whether the identity information is legitimate.
The legitimacy verification module itself stores the authorization information of the authorization USB flash disk or encryption keyboard. When the authorization information of the authorization USB flash disk or encryption keyboard obtained through the movement security service module is identical to the authorization information it has stored, the identity information is determined to be legitimate; when the two differ, the identity information is determined to be illegitimate.
Step 440: when the authorization USB flash disk or encryption keyboard is not inserted, the authorization module deletes itself and exits.
When the authorization USB flash disk or encryption keyboard is not inserted, the program that initiates the signature operation instruction, that is, the authorization module, has left the authorization USB flash disk or encryption keyboard, so the authorization module deletes itself and exits.
To ensure that the program initiating the synchronisation key instruction, certificate operation instruction or movement test instruction does not leave the authorization USB flash disk or encryption keyboard, that program is bound to the authorization USB flash disk or encryption keyboard. This gives the authorization USB flash disk or encryption keyboard very high privileges, and precisely because those privileges are so high, losing the authorization USB flash disk, or leaking the files on the authorization USB flash disk or encryption keyboard, may create a very large risk. To avoid this risk, read/write permission control can be added to the authorization USB flash disk or encryption keyboard. Fig. 5 is a structure diagram of the authorization USB flash disk or encryption keyboard in the control method for ATM note output equipment provided by the embodiments of the present invention. As shown in Fig. 5, the authorization USB flash disk or encryption keyboard is divided into 3 partitions:
Partition 1 is the login area, which holds the login program. Without logging in, the second partition is disabled, so the authorization verification information on the authorization USB flash disk or encryption keyboard cannot be obtained and the authorization check cannot pass; risky operations cannot be performed, and the risky operations on the authorization USB flash disk or encryption keyboard, such as synchronising keys, making certificates and running movement tests, cannot be obtained either.
The second partition is the data operation area, which holds the necessary application files, including the authorization information of the authorization USB flash disk and the programs for synchronising keys, making certificates, testing the movement and so on. This partition is disabled before login and read-only after login.
The third partition is a hidden partition. The user cannot see this partition, but its content can be viewed with a special tool. It records the usage of the authorization USB flash disk or encryption keyboard, for example the year, month, day and time at which it was used on an ATM, the IP of that ATM device, the hard disk serial number, and so on. This prevents the authorization USB flash disk or encryption keyboard from being illegally abused and allows its use to be traced. The content of the hidden partition cannot be cleared unless the production tool used by the manufacturer is used and the key and password corresponding to that production tool are also held.
Dividing the authorization USB flash disk or encryption keyboard into different partitions in this way further ensures the security of the authorization USB flash disk or encryption keyboard.
Step 450: when the identity of the sender of the signature operation instruction is illegitimate, the legitimacy verification module forbids sending the signature operation instruction to the movement medium module.
When the identity of the sender of the signature operation instruction is illegitimate, the operation requested by the signature operation instruction is refused.
Step 460: when the identity of the sender of the signature operation instruction is legitimate, the legitimacy verification module sends the signature operation instruction to the movement medium module.
When the identity of the sender of the signature operation instruction is legitimate, the legitimacy verification module sends the signature operation instruction to the movement medium module, so that the movement medium module performs the operation requested by the signature operation instruction.
In this embodiment, the authorization module checks whether the authorization USB flash disk or encryption keyboard is inserted into the external interface. When it is inserted, the legitimacy verification module verifies whether the authorization information on the authorization USB flash disk or encryption keyboard is correct and determines from the verification result whether the identity information is legitimate. When the identity information is legitimate, the signature operation instruction is sent to the movement medium module; when the identity information is illegitimate, sending the signature operation instruction to the movement medium module is forbidden. This ensures that the program initiating the synchronisation key instruction, certificate operation instruction or movement test instruction does not leave the authorization USB flash disk or encryption keyboard. In other words, hardware such as the authorization USB flash disk or encryption keyboard is used to ensure the legitimacy of the program initiating the synchronisation key instruction, certificate operation instruction or movement test instruction, which avoids abnormal note output by the movement.
Embodiment four
Fig. 6 is a schematic diagram of a control method for ATM note output equipment provided by Embodiment four of the present invention. The labels in Fig. 6 have the following meanings:
A: the ATMC upper layer sends an instruction to the legitimacy verification module, requiring it to perform a note output action.
B: the legitimacy verification module feeds back instruction execution information to the upper layer, for example that legitimacy verification failed or that the instruction executed successfully.
C: the legitimacy verification module requires the movement medium module to execute a specific command, such as synchronising keys or performing a note output action.
D: the movement medium module feeds back the command execution result, such as success, or an error code if it failed for some reason.
E: after receiving the note output instruction, the movement medium module performs the note output action.
F: the movement security service module obtains the information of the upper layer that sent the instruction.
G: after receiving the verification-invalid message from the legitimacy verification module, the movement security service module forcibly deletes the disguised upper layer.
H: the movement security service module obtains the authorization information of the authorization USB flash disk, or receives operation requests, such as making a certificate or synchronising keys, sent from the authorization USB flash disk.
I: the movement security service module sends the upper-layer information it obtained to the legitimacy verification module, requires the legitimacy verification module to send a synchronise-key command, or notifies the legitimacy verification module of the information of the generated certificate.
J: the legitimacy verification module sends the movement security service module a message that the upper layer's signing information does not match the identity information obtained by the movement security service module, or replies with the result of executing the synchronisation key or certificate related information sent by the movement security service module.
K, L: the test program on the authorization USB flash disk or encryption keyboard operates the movement through the legitimacy verification module, performs test operations, sends instructions and receives feedback.
Embodiment five
Fig. 7 is a schematic diagram of an ATM note output equipment control device provided by embodiment five of the present invention. As shown in Fig. 7, the ATM note output equipment control device provided by this embodiment includes:
A legitimate verification module 710, used to receive the signature operation instruction initiated by upper-layer service software, wherein the signature operation instruction includes a note output instruction, a synchronisation key instruction, a certificate operation instruction or a movement test instruction; to verify the identity information of the sender of the signature operation instruction; when the identity of the sender of the signature operation instruction is illegal, to forbid sending the signature operation instruction to the movement medium module; and when the identity of the sender of the signature operation instruction is legal, to send the signature operation instruction to the movement medium module;
A movement medium module 720, used to perform the operation corresponding to the signature operation instruction.
Wherein, the upper-layer service software includes: the ATM control software ATMC, the movement security service module, or the authorization module in the authorized USB flash disk or Encryption Keyboard.
Preferably, the legitimate verification module is also used to:
When the identity of the sender of the signature operation instruction is anonymous, refuse to send the signature operation instruction to the movement medium module.
Preferably, the signature operation instruction is a note output instruction;
The device also includes:
A movement security service module, used to obtain the identity information of the sender of the signature operation instruction;
The legitimate verification module includes:
An identity information acquiring unit, used to obtain the identity information of the sender of the signature operation instruction from the movement security service module;
An identity information comparison unit, used to compare the identity information of the sender of the signature operation instruction with the signing information sent by the sender;
An identity determination unit, used to determine that the identity of the sender of the signature operation instruction is legal when the identity information of the sender of the signature operation instruction is consistent with the signing information sent by the sender, and to determine that the identity of the sender of the signature operation instruction is illegal when the identity information of the sender of the signature operation instruction is inconsistent with the signing information sent by the sender;
The legitimate verification module also includes:
A certificate information acquiring unit, used to obtain the certificate information included in the signature operation instruction when the identity of the sender of the signature operation instruction is legal;
A certificate information verification unit, used to verify, according to the certificate information the module has stored itself, whether the certificate information included in the signature operation instruction is legal;
A sending unit, used to send the signature operation instruction to the movement medium module when the certificate information included in the signature operation instruction is legal.
Preferably, the movement security service module is also used to:
When the identity of the sender of the signature operation instruction is illegal, receive the message sent by the legitimate verification module stating that the identity information of the sender of the signature operation instruction is inconsistent with the signing information sent by the sender;
Obtain the process name of the process created by the sender of the signature operation instruction;
Forcibly terminate the process represented by the process name, and forcibly delete the process represented by the process name.
Preferably, the signature operation instruction is a synchronisation key instruction, a certificate operation instruction or a movement test instruction;
The device also includes:
An authorization module, configured in the authorized USB flash disk or Encryption Keyboard, used to check whether the authorized USB flash disk or Encryption Keyboard is inserted into the external interface;
The legitimate verification module is also used to:
When the authorized USB flash disk or Encryption Keyboard has been inserted, verify whether the authorization information on the authorized USB flash disk or Encryption Keyboard is correct, and determine whether the identity information is legal according to the verification result.
The authorization module is also used to:
When the authorized USB flash disk or Encryption Keyboard is not inserted, delete itself and exit.
Preferably, the movement medium module is also used to:
Feed back the execution result of the signature operation instruction to the legitimate verification module;
The legitimate verification module is also used to:
Feed back the execution result of the signature operation instruction, or the identity information verification result, to the upper-layer service software.
Fig. 8 is a structure diagram of the legitimate verification module in the ATM note output equipment control device provided by an embodiment of the present invention. As shown in Fig. 8, the legitimate verification module includes an upper-layer program interface, an algorithm module, a certificate storage module and a medium program interface. The upper-layer program interface includes the calling interfaces that the legitimate verification module provides to the movement security service module and to the ATMC upper-layer service software; the algorithm module includes a certificate verification algorithm and a message encryption and decryption algorithm; the certificate storage module saves the certificate stub used to verify certificate legitimacy and the verification information for the authorized USB flash disk; the medium program interface is used, once legitimacy verification has passed, to communicate with the movement medium module and obtain the input and output of the movement medium module.
Fig. 9 is a structure diagram of the movement security service module in the ATM note output equipment control device provided by an embodiment of the present invention. As shown in Fig. 9, the movement security service module includes an authentication module, a service processing module and an external interface. The authentication module is mainly used to verify whether a USB flash disk is an authorized USB flash disk or Encryption Keyboard, or whether the Encryption Keyboard has the movement service authorization function, ensuring the legitimacy of operations performed using the USB flash disk or Encryption Keyboard. The service processing module processes the information sent by the external interface and determines the corresponding handling according to that information; for example, if the legitimate verification module finds that the upper layer's signing information is inconsistent with the information obtained by the movement security service module, the service processing module notifies the external interface and asks it to call system functions to kill the disguised upper layer and delete it. The external interface is responsible for receiving data messages transmitted from outside and forwarding them to the service processing module, and also calls external functional modules to handle the specified module or data message according to the processing strategy specified by the service processing module.
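The note output path described above (sender identity compared with the signing information, then the certificate checked against the stored stub, then forwarding to the movement medium module), as an added sketch that is not code from the patent. All class and function names, the pid-to-name process table, and HMAC-SHA256 as a stand-in for the unspecified signature scheme are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Instruction:            # a note output instruction (the only kind sketched here)
    payload: bytes
    signer_id: Optional[str]  # identity in the signing information; None = anonymous
    cert: bytes               # certificate information carried in the instruction
    tag: bytes                # assumption: HMAC-SHA256 stands in for the signature

def sign(key: bytes, payload: bytes, signer_id: str, cert: bytes) -> bytes:
    msg = b"|".join([payload, signer_id.encode(), cert])
    return hmac.new(key, msg, hashlib.sha256).digest()

class SecurityService:
    """Stand-in for the movement security service module (hypothetical API)."""
    def __init__(self, process_table: Dict[int, str]):
        self.process_table = process_table  # pid -> process name seen by the OS
        self.terminated: List[str] = []

    def observed_identity(self, pid: int) -> Optional[str]:
        return self.process_table.get(pid)

    def handle_mismatch(self, pid: int) -> None:
        # The patent's module force-terminates and deletes; this only records the name.
        self.terminated.append(self.process_table.pop(pid, "<unknown>"))

class MediumModule:
    """Stand-in for the movement medium module, the only path to the dispenser."""
    def __init__(self) -> None:
        self.executed: List[bytes] = []

    def execute(self, instr: Instruction) -> str:
        self.executed.append(instr.payload)
        return "OK"

class LegitimacyVerifier:
    def __init__(self, security, medium, keys, cert_stubs):
        self.security, self.medium = security, medium
        self.keys = keys              # signer_id -> verification key (assumed)
        self.cert_stubs = cert_stubs  # signer_id -> SHA-256 of expected certificate

    def submit(self, pid: int, instr: Instruction) -> str:
        if instr.signer_id is None:
            return "REJECT_ANONYMOUS"
        key = self.keys.get(instr.signer_id)
        good = sign(key, instr.payload, instr.signer_id, instr.cert) if key else b""
        if not hmac.compare_digest(good, instr.tag):
            return "REJECT_BAD_SIGNATURE"
        # The identity observed by the security service must match the signed claim.
        if self.security.observed_identity(pid) != instr.signer_id:
            self.security.handle_mismatch(pid)
            return "REJECT_IDENTITY_MISMATCH"
        # Only then is the carried certificate compared with the stored stub.
        stub = self.cert_stubs.get(instr.signer_id, b"")
        if not hmac.compare_digest(hashlib.sha256(instr.cert).digest(), stub):
            return "REJECT_BAD_CERT"
        return self.medium.execute(instr)

def demo() -> dict:
    key, cert = b"constructed-demo-key", b"constructed-demo-cert"  # constructed values
    sec, med = SecurityService({100: "ATMC", 200: "unknown.exe"}), MediumModule()
    v = LegitimacyVerifier(sec, med, {"ATMC": key}, {"ATMC": hashlib.sha256(cert).digest()})
    def make(signer: Optional[str], c: bytes = cert) -> Instruction:
        tag = sign(key, b"dispense:100", signer or "", c)
        return Instruction(b"dispense:100", signer, c, tag)
    good = make("ATMC")
    return {
        "legit": v.submit(100, good),
        "replayed": v.submit(200, good),  # valid message, wrong sending process
        "anonymous": v.submit(100, make(None)),
        "bad_cert": v.submit(100, make("ATMC", b"other-cert")),
        "dispensed": len(med.executed),
        "terminated": sec.terminated,
    }
```

The replayed case shows why the design compares an independently observed sender identity with the signed claim: a correctly signed message alone does not reach the movement medium module when it arrives from a different process.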
The above product can perform the method provided by any embodiment of the present invention, and has the functional modules and beneficial effects corresponding to the method performed.
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the invention is not limited to the specific embodiments described here, and that various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the protection scope of the present invention. Therefore, although the present invention has been described in further detail through the above embodiments, the present invention is not limited to the above embodiments; it can also include other equivalent embodiments without departing from the inventive concept, and the scope of the present invention is determined by the scope of the appended claims.
Claims (8)
1. An ATM note output equipment control method, characterized in that the method includes:
The legitimate verification module receives a signature operation instruction initiated by upper-layer service software, wherein the signature operation instruction includes a note output instruction, a synchronisation key instruction, a certificate operation instruction or a movement test instruction;
The legitimate verification module verifies the identity information of the sender of the signature operation instruction;
When the identity of the sender of the signature operation instruction is illegal, the legitimate verification module forbids sending the signature operation instruction to the movement medium module;
When the identity of the sender of the signature operation instruction is legal, the legitimate verification module sends the signature operation instruction to the movement medium module;
Wherein, when the signature operation instruction is a note output instruction, the legitimate verification module verifying the identity information of the sender of the signature operation instruction includes:
The legitimate verification module obtains the identity information of the sender of the signature operation instruction from the movement security service module;
The legitimate verification module compares the identity information of the sender of the signature operation instruction with the signing information sent by the sender;
When the identity information of the sender of the signature operation instruction is consistent with the signing information sent by the sender, the legitimate verification module determines that the identity of the sender of the signature operation instruction is legal;
When the identity information of the sender of the signature operation instruction is inconsistent with the signing information sent by the sender, the legitimate verification module determines that the identity of the sender of the signature operation instruction is illegal;
When the identity of the sender of the signature operation instruction is legal, the legitimate verification module sending the signature operation instruction to the movement medium module includes:
The legitimate verification module obtains the certificate information included in the signature operation instruction;
The legitimate verification module verifies, according to the certificate information it has stored itself, whether the certificate information included in the signature operation instruction is legal;
When the certificate information included in the signature operation instruction is legal, the signature operation instruction is sent to the movement medium module.
2. The method according to claim 1, characterized in that it also includes:
When the identity of the sender of the signature operation instruction is illegal, the legitimate verification module sends to the movement security service module a message stating that the identity information of the sender of the signature operation instruction is inconsistent with the signing information sent by the sender;
The movement security service module obtains the process name of the process created by the sender of the signature operation instruction;
The movement security service module forcibly terminates the process represented by the process name, and forcibly deletes the process represented by the process name.
3. The method according to claim 1, characterized in that, when the signature operation instruction is a synchronisation key instruction, a certificate operation instruction or a movement test instruction, the legitimate verification module verifying the identity information of the sender of the signature operation instruction includes:
The authorization module checks whether the authorized USB flash disk or Encryption Keyboard is inserted into the external interface, wherein the authorization module is configured in the authorized USB flash disk or Encryption Keyboard;
When the authorized USB flash disk or Encryption Keyboard has been inserted, the legitimate verification module verifies whether the authorization information on the authorized USB flash disk or Encryption Keyboard is correct, and determines whether the identity information is legal according to the verification result;
When the authorized USB flash disk or Encryption Keyboard is not inserted, the authorization module deletes itself and exits.
4. The method according to claim 1, characterized in that it also includes:
The movement medium module feeds back the execution result of the signature operation instruction to the legitimate verification module;
The legitimate verification module feeds back the execution result of the signature operation instruction, or the identity information verification result, to the upper-layer service software.
5. The method according to any one of claims 1-4, characterized in that the upper-layer service software includes: the ATM control software ATMC, the movement security service module, or the authorization module in the authorized USB flash disk or Encryption Keyboard.
6. An ATM note output equipment control device, characterized in that the device includes:
A legitimate verification module, used to receive the signature operation instruction initiated by upper-layer service software, wherein the signature operation instruction includes a note output instruction, a synchronisation key instruction, a certificate operation instruction or a movement test instruction; to verify the identity information of the sender of the signature operation instruction; when the identity of the sender of the signature operation instruction is illegal, to forbid sending the signature operation instruction to the movement medium module; and when the identity of the sender of the signature operation instruction is legal, to send the signature operation instruction to the movement medium module;
A movement medium module, used to perform the operation corresponding to the signature operation instruction;
Wherein, when the signature operation instruction is a note output instruction, the device also includes:
A movement security service module, used to obtain the identity information of the sender of the signature operation instruction;
The legitimate verification module includes:
An identity information acquiring unit, used to obtain the identity information of the sender of the signature operation instruction from the movement security service module;
An identity information comparison unit, used to compare the identity information of the sender of the signature operation instruction with the signing information sent by the sender;
An identity determination unit, used to determine that the identity of the sender of the signature operation instruction is legal when the identity information of the sender of the signature operation instruction is consistent with the signing information sent by the sender, and to determine that the identity of the sender of the signature operation instruction is illegal when the identity information of the sender of the signature operation instruction is inconsistent with the signing information sent by the sender;
The legitimate verification module also includes:
A certificate information acquiring unit, used to obtain the certificate information included in the signature operation instruction when the identity of the sender of the signature operation instruction is legal;
A certificate information verification unit, used to verify, according to the certificate information the module has stored itself, whether the certificate information included in the signature operation instruction is legal;
A sending unit, used to send the signature operation instruction to the movement medium module when the certificate information included in the signature operation instruction is legal.
7. The device according to claim 6, characterized in that the movement security service module is also used to:
When the identity of the sender of the signature operation instruction is illegal, receive the message sent by the legitimate verification module stating that the identity information of the sender of the signature operation instruction is inconsistent with the signing information sent by the sender;
Obtain the process name of the process created by the sender of the signature operation instruction;
Forcibly terminate the process represented by the process name, and forcibly delete the process represented by the process name.
8. The device according to claim 6, characterized in that, when the signature operation instruction is a synchronisation key instruction, a certificate operation instruction or a movement test instruction, the device also includes:
An authorization module, configured in the authorized USB flash disk or Encryption Keyboard, used to check whether the authorized USB flash disk or Encryption Keyboard is inserted into the external interface;
The legitimate verification module is also used to:
When the authorized USB flash disk or Encryption Keyboard has been inserted, verify whether the authorization information on the authorized USB flash disk or Encryption Keyboard is correct, and determine whether the identity information is legal according to the verification result;
The authorization module is also used to:
When the authorized USB flash disk or Encryption Keyboard is not inserted, delete itself and exit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510242656.9A CN104933811B (en) | 2015-05-13 | 2015-05-13 | Outputting note of ATM apparatus control method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104933811A (en) | 2015-09-23 |
CN104933811B (en) | 2017-09-29 |
Family
ID=54120962
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510242656.9A Expired - Fee Related CN104933811B (en) | 2015-05-13 | 2015-05-13 | Outputting note of ATM apparatus control method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104933811B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170929 |